MicrosoftDocs · sdwheeler · Mar 22, 2019 · Mar 22, 2019 · Mar 22, 2019
diff --git a/reference/6/Microsoft.PowerShell.Security/ConvertFrom-SecureString.md b/reference/6/Microsoft.PowerShell.Security/ConvertFrom-SecureString.md
@@ -35,6 +35,10 @@ If an encryption key is specified by using the *Key* or *SecureKey* parameters,
 The specified key must have a length of 128, 192, or 256 bits, because those are the key lengths supported by the AES encryption algorithm.
 If no key is specified, the Windows Data Protection API (DPAPI) is used to encrypt the standard string representation.
 
+> [!NOTE]
+> Note that per [DotNet](/dotnet/api/system.security.securestring?view=netcore-2.1#remarks), the
+> contents of a SecureString are not encrypted.
+
 ## EXAMPLES
 
 ### Example 1: Create a secure string

diff --git a/reference/6/Microsoft.PowerShell.Security/ConvertTo-SecureString.md b/reference/6/Microsoft.PowerShell.Security/ConvertTo-SecureString.md
@@ -43,6 +43,10 @@ This enables it to be stored in a file for later use.
 
 If the standard string being converted was encrypted with **ConvertFrom-SecureString** using a specified key, that same key must be provided as the value of the *Key* or *SecureKey* parameter of the **ConvertTo-SecureString** cmdlet.
 
+> [!NOTE]
+> Note that per [DotNet](/dotnet/api/system.security.securestring?view=netcore-2.1#remarks), the
+> contents of a SecureString are not encrypted.
+
 ## EXAMPLES
 
 ### Example 1: Convert a secure string to an encrypted string